Article thumbnail

Do you take Credit Cards? Security and Compliance for the Credit Card Payment Industry

By Lorrie Willey and Barbara Jo White

Abstract

Security is a significant concern in business and in information systems (IS) education from both a technological and a strategic standpoint. Students can benefit from the study of information systems security when security concepts are introduced in the context of real-world industry standards. The development of a data security standard for organizations operating within the credit card payment industry serves as an excellent example of a real-world security standard that lends itself to classroom study. The establishment and requirements of the Payment Card Industry Data Security Standard (PCI DSS), and the associated consequences for noncompliance, represents a businesslike approach to the organizational protection of data that students will find interesting and one to which they will relate. Everybody uses credit cards! Incorporating the topic of PCI DSS into an activity allows students to learn and apply PCI DSS concepts to a business setting. Just asking “If everyone uses credit cards, why don’t all businesses accept them?” will start a process of exploration for the class. A hypothetical business teaching case, Blue Mountain Jams (BMJ), illustrates the challenge of PCI DSS mandates for small businesses. Small business is given some leeway in self-assessment under PCI DSS to document compliance after the decision is made to accept credit card payments. That leeway gives students the opportunity to learn and analyze the PCI DSS requirements and compliance methods and to determine the best course of action for a business that has made the decision to start accepting credit cards

Topics: Critical thinking, Information assurance & security, Security, Teaching case
Publisher: AIS Electronic Library (AISeL)
Year: 2013
OAI identifier: oai:aisel.aisnet.org:jise-1149

Suggested articles


To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.